Title: [286438] trunk/Source
- Revision
- 286438
- Author
- [email protected]
- Date
- 2021-12-02 11:19:01 -0800 (Thu, 02 Dec 2021)
Log Message
Unreviewed, reverting r286437.
https://bugs.webkit.org/show_bug.cgi?id=233776
Introduced test failure
Reverted changeset:
"[WP] Strengthen sandbox when AppCache is disabled"
https://bugs.webkit.org/show_bug.cgi?id=233746
https://commits.webkit.org/r286437
Modified Paths
Diff
Modified: trunk/Source/WTF/ChangeLog (286437 => 286438)
--- trunk/Source/WTF/ChangeLog 2021-12-02 18:44:46 UTC (rev 286437)
+++ trunk/Source/WTF/ChangeLog 2021-12-02 19:19:01 UTC (rev 286438)
@@ -1,3 +1,16 @@
+2021-12-02 Commit Queue <[email protected]>
+
+ Unreviewed, reverting r286437.
+ https://bugs.webkit.org/show_bug.cgi?id=233776
+
+ Introduced test failure
+
+ Reverted changeset:
+
+ "[WP] Strengthen sandbox when AppCache is disabled"
+ https://bugs.webkit.org/show_bug.cgi?id=233746
+ https://commits.webkit.org/r286437
+
2021-12-02 Per Arne Vollan <[email protected]>
[WP] Strengthen sandbox when AppCache is disabled
Modified: trunk/Source/WTF/wtf/PlatformHave.h (286437 => 286438)
--- trunk/Source/WTF/wtf/PlatformHave.h 2021-12-02 18:44:46 UTC (rev 286437)
+++ trunk/Source/WTF/wtf/PlatformHave.h 2021-12-02 19:19:01 UTC (rev 286438)
@@ -1102,8 +1102,3 @@
#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED < 120000
#undef HAVE_AV_DELEGATING_PLAYBACK_COORDINATOR
#endif
-
-#if ((PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 130000) \
- || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 160000))
-#define HAVE_SANDBOX_STATE_FLAGS 1
-#endif
Modified: trunk/Source/WebKit/ChangeLog (286437 => 286438)
--- trunk/Source/WebKit/ChangeLog 2021-12-02 18:44:46 UTC (rev 286437)
+++ trunk/Source/WebKit/ChangeLog 2021-12-02 19:19:01 UTC (rev 286438)
@@ -1,3 +1,16 @@
+2021-12-02 Commit Queue <[email protected]>
+
+ Unreviewed, reverting r286437.
+ https://bugs.webkit.org/show_bug.cgi?id=233776
+
+ Introduced test failure
+
+ Reverted changeset:
+
+ "[WP] Strengthen sandbox when AppCache is disabled"
+ https://bugs.webkit.org/show_bug.cgi?id=233746
+ https://commits.webkit.org/r286437
+
2021-12-02 Per Arne Vollan <[email protected]>
[WP] Strengthen sandbox when AppCache is disabled
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (286437 => 286438)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-12-02 18:44:46 UTC (rev 286437)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-12-02 19:19:01 UTC (rev 286438)
@@ -1385,45 +1385,27 @@
(when (defined? 'system-fcntl)
(deny system-fcntl (with telemetry))
(allow system-fcntl
- (fcntl-command
- F_GETPATH)) ;; used by dyld4 and CGFontURLCreate, getcwd (at least)
- (allow system-fcntl (with report) (with telemetry)
- (fcntl-command
- F_BARRIERFSYNC
- F_GETCONFINED
- F_GETFL ;; LibJPEGReadPlugin::copyImageBlockSetStandard
- F_GETSIGSINFO
- F_NOCACHE
- F_RDADVISE
- F_SETCONFINED
- F_ADDFILESIGS_RETURN ;; ImageLoaderMachO::loadCodeSignature
- F_CHECK_LV ;; ImageLoaderMachO::loadCodeSignature
- F_SPECULATIVE_READ ;; ImageLoaderMachO::mapSegments
- F_SETFD ;; libwebrtc.dylib (no backtrace)
- F_GETFD ;; libwebrtc.dylib (no backtrace)
- F_SETFL ;; CMCapture uses when camera is enabled
- F_SETNOSIGPIPE)) ;; CMCapture uses when camera is enabled
+ (fcntl-command F_BARRIERFSYNC)
+ (fcntl-command F_GETCONFINED)
+ (fcntl-command F_GETFL) ;; LibJPEGReadPlugin::copyImageBlockSetStandard
+ (fcntl-command F_GETLK)
+ (fcntl-command F_GETSIGSINFO)
+ (fcntl-command F_NOCACHE)
+ (fcntl-command F_OFD_GETLK)
+ (fcntl-command F_OFD_SETLKWTIMEOUT)
+ (fcntl-command F_RDADVISE)
+ (fcntl-command F_SETCONFINED)
+ (fcntl-command F_GETPATH) ;; used by dyld4 and CGFontURLCreate, getcwd (at least)
+ (fcntl-command F_ADDFILESIGS_RETURN) ;; ImageLoaderMachO::loadCodeSignature
+ (fcntl-command F_CHECK_LV) ;; ImageLoaderMachO::loadCodeSignature
+ (fcntl-command F_SPECULATIVE_READ) ;; ImageLoaderMachO::mapSegments
+ (fcntl-command F_SETFD) ;; libwebrtc.dylib (no backtrace)
+ (fcntl-command F_GETFD) ;; libwebrtc.dylib (no backtrace)
+ (fcntl-command F_SETFL) ;; CMCapture uses when camera is enabled
+ (fcntl-command F_SETNOSIGPIPE)) ;; CMCapture uses when camera is enabled
- (define (appcache-fcntl-commands)
- (fcntl-command
- F_GETLK
- F_OFD_GETLK
- F_OFD_SETLK
- F_OFD_SETLKWTIMEOUT))
-
-#if HAVE(SANDBOX_STATE_FLAGS)
- ;; This rule enables the WebContent process to flip the "AppCacheDisabled" sandbox variable
- ;; by reading a preference from the domain "com.apple.WebKit.WebContent.AppCacheDisabled".
- (deny user-preference-read (with enable-state-flag "AppCacheDisabled")
- (preference-domain "com.apple.WebKit.WebContent.AppCacheDisabled"))
-
- (with-filter (require-not (state-flag "AppCacheDisabled"))
- (allow system-fcntl (appcache-fcntl-commands)))
- (with-filter (state-flag "AppCacheDisabled")
- (allow system-fcntl (with report) (with telemetry) (appcache-fcntl-commands)))
-#else
- (allow system-fcntl (with report) (with telemetry) (appcache-fcntl-commands)))
-#endif
+ (allow system-fcntl (with telemetry)
+ (fcntl-command F_OFD_SETLK))
(allow system-fcntl
(fcntl-command F_GETPROTECTIONCLASS)
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (286437 => 286438)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-12-02 18:44:46 UTC (rev 286437)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-12-02 19:19:01 UTC (rev 286438)
@@ -902,15 +902,6 @@
m_page->setCanUseCredentialStorage(parameters.canUseCredentialStorage);
-#if HAVE(SANDBOX_STATE_FLAGS)
- if (!m_page->settings().offlineWebApplicationCacheEnabled()) {
- // This call is not meant to actually read a preference, but is only here to trigger a sandbox rule in the
- // WebContent process, which will toggle a sandbox variable used to determine if AppCache is disabled
- // This call should be replaced with proper API when available.
- CFPreferencesGetAppIntegerValue(CFSTR("key"), CFSTR("com.apple.WebKit.WebContent.AppCacheDisabled"), nullptr);
- }
-#endif
-
updateThrottleState();
}
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (286437 => 286438)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-12-02 18:44:46 UTC (rev 286437)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-12-02 19:19:01 UTC (rev 286438)
@@ -1812,49 +1812,31 @@
(when (defined? 'system-fcntl)
(deny system-fcntl (with telemetry))
- (allow system-fcntl
- (fcntl-command
- F_GETPATH)) ;; used by dyld4 and CGFontURLCreate, getcwd (at least)
- (allow system-fcntl (with report) (with telemetry)
- (fcntl-command
- F_BARRIERFSYNC
- F_GETCONFINED
- F_GETFL ;; LibJPEGReadPlugin::copyImageBlockSetStandard
- F_GETSIGSINFO
- F_NOCACHE
- F_RDADVISE
- F_SETCONFINED
- F_ADDFILESIGS_RETURN ;; ImageLoaderMachO::loadCodeSignature
- F_CHECK_LV ;; ImageLoaderMachO::loadCodeSignature
- F_SPECULATIVE_READ ;; ImageLoaderMachO::mapSegments
- F_SETFD ;; libwebrtc.dylib (no backtrace)
- F_GETFD ;; libwebrtc.dylib (no backtrace)
- F_RDADVISE ;; CoreNLP::ReadOnlyFile <- +[DDScannerService scanString:range:configuration:] <- WebCore::DictionaryLookup::rangeAtHitTestResult(WebCore::HitTestResult const&)
- F_NOCACHE ;; Security::UnixPlusPlus::FileDesc::fcnt <- MTRegisterPluginFormatReaderBundleDirectory <- invocation function for block in WebCore::registerFormatReaderIfNecessary()
- F_SETFL ;; CMCapture uses when camera is enabled
- F_SETNOSIGPIPE)) ;; CMCapture uses when camera is enabled
+ (allow system-fcntl
+ (fcntl-command F_BARRIERFSYNC)
+ (fcntl-command F_GETCONFINED)
+ (fcntl-command F_GETFL) ;; LibJPEGReadPlugin::copyImageBlockSetStandard
+ (fcntl-command F_GETLK)
+ (fcntl-command F_GETSIGSINFO)
+ (fcntl-command F_NOCACHE)
+ (fcntl-command F_OFD_GETLK)
+ (fcntl-command F_OFD_SETLKWTIMEOUT)
+ (fcntl-command F_RDADVISE)
+ (fcntl-command F_SETCONFINED)
+ (fcntl-command F_GETPATH) ;; used by dyld4 and CGFontURLCreate, getcwd (at least)
+ (fcntl-command F_ADDFILESIGS_RETURN) ;; ImageLoaderMachO::loadCodeSignature
+ (fcntl-command F_CHECK_LV) ;; ImageLoaderMachO::loadCodeSignature
+ (fcntl-command F_SPECULATIVE_READ) ;; ImageLoaderMachO::mapSegments
+ (fcntl-command F_SETFD) ;; libwebrtc.dylib (no backtrace)
+ (fcntl-command F_GETFD) ;; libwebrtc.dylib (no backtrace)
+ (fcntl-command F_RDADVISE) ;; CoreNLP::ReadOnlyFile <- +[DDScannerService scanString:range:configuration:] <- WebCore::DictionaryLookup::rangeAtHitTestResult(WebCore::HitTestResult const&)
+ (fcntl-command F_NOCACHE) ;; Security::UnixPlusPlus::FileDesc::fcnt <- MTRegisterPluginFormatReaderBundleDirectory <- invocation function for block in WebCore::registerFormatReaderIfNecessary()
+ (fcntl-command F_SETFL) ;; CMCapture uses when camera is enabled
+ (fcntl-command F_SETNOSIGPIPE)) ;; CMCapture uses when camera is enabled
- (define (appcache-fcntl-commands)
- (fcntl-command
- F_GETLK
- F_OFD_GETLK
- F_OFD_SETLK
- F_OFD_SETLKWTIMEOUT))
+ (allow system-fcntl
+ (fcntl-command F_OFD_SETLK))
-#if HAVE(SANDBOX_STATE_FLAGS)
- ;; This rule enables the WebContent process to flip the "AppCacheDisabled" sandbox variable
- ;; by reading a preference from the domain "com.apple.WebKit.WebContent.AppCacheDisabled".
- (deny user-preference-read (with enable-state-flag "AppCacheDisabled")
- (preference-domain "com.apple.WebKit.WebContent.AppCacheDisabled"))
-
- (with-filter (require-not (state-flag "AppCacheDisabled"))
- (allow system-fcntl (appcache-fcntl-commands)))
- (with-filter (state-flag "AppCacheDisabled")
- (allow system-fcntl (with report) (with telemetry) (appcache-fcntl-commands)))
-#else
- (allow system-fcntl (with report) (with telemetry) (appcache-fcntl-commands)))
-#endif
-
(allow system-fcntl
(fcntl-command F_GETPROTECTIONCLASS)
(fcntl-command F_SETPROTECTIONCLASS))
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
